Thierry Moreau wrote:
Eric Rescorla wrote:At Mon, 21 Jul 2008 05:44:25 +0100, Ben Laurie wrote:Eric Rescorla wrote:So, I'm not saying that l-o-f will necessarily work here, but I don't think it's necessary to prompt the user. Rather, you can just accept the first key you see...And prompt them when it changes?Good question. Probably retry via the original channel. I agree it's not a real adequate answer...This is the pervasive question for almost all security schemes. How does a client system establish, and then "maintain", trust in a remote party which you (the designer, with your opinion perhaps reflected reflected in a "policy") assume equiped with more skills in IT security management.DNSEXT revisits this question because ... because what, I don't know. Actually the question belongs to the IT security community of experts which never addressed the question for what it is, i.e. pervasive for almost all security schemes.
I think the security community has failed to grasp this nettle in many areas, not just the "trust" question (I dislike that word, but it is the term of art). In practice we've had the cryptographic and protocol answers to many security problems for a long time. What we have consistently failed to address is the fact that security is actually a UI problem, not a technical one.
Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.links.org/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>